10-31-2023 01:33 PM
Hi, I have XDR integrated with XSOAR for bidirectional incident mirroring...
The strange thing is that when I close incidents in XSOAR as false positives, they appear as 'Resolved other' in XDR via the API...
If I close incidents as false positives in XDR through an automation rule, they remain open in XSOAR...
Does anyone know what this might be?
Has anyone encountered the same issue?
I've already opened a support case, but so far, there's been no response from the engineering team... They are investigating... and I wanted to know if anyone has experienced the same issue
11-01-2023 03:39 AM
Hi @tlmarques ,
Thank you for writing to live community.
We have observed that whenever an incident is closed in XDR it takes some time to reflect in XSOAR. This may be the reason the incident was still showing open in XSOAR.
Could you please confirm if the incident is still open in XSOAR?
11-17-2023 08:28 AM
I opened a case with support, and they said it's normal. All XDR cases, even if closed in XDR, will appear as open in XSOAR because the playbooks will run. That's how it's defined by default.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
